Jethro Beekman, John Manferdelli and David Wagner

Internet services can provide a wealth of functionality, yet their usage raises privacy, security and integrity concerns for users. This is caused by a lack of guarantees about what is happening on the server side. As a worst-case scenario, the service might be subjected to an insider attack. We use remote attestation of the server to obtain guarantees about the programming of the service. On top of that, we augment Certificate Transparency to distribute information about which services exist and what they do. Combined, this creates a platform that allows legacy clients to obtain security guarantees about Internet services.

BibTeX citation:

@techreport{Beekman:EECS-2016-12,
Author = {Beekman, Jethro and Manferdelli, John and Wagner, David},
Title = {Attestation Transparency: Building secure Internet services for legacy clients},
Institution = {EECS Department, University of California, Berkeley},
Year = {2016},
Month = {Mar},
URL = {http://www2.eecs.berkeley.edu/Pubs/TechRpts/2016/EECS-2016-12.html},
Number = {UCB/EECS-2016-12},
Abstract = {Internet services can provide a wealth of functionality, yet their usage raises privacy, security and integrity concerns for users.
This is caused by a lack of guarantees about what is happening on the server side.
As a worst case scenario, the service might be subjected to an insider attack.
We use remote attestation of the server to obtain guarantees about the programming of the service.
On top of that, we augment Certificate Transparency to distribute information about which services exist and what they do.
Combined, this creates a platform that allows legacy clients to obtain security guarantees about Internet services.}
}